From adfbc1ff342ece2e482254bcc5381fadfffbbb89 Mon Sep 17 00:00:00 2001 From: "Stephen M. Cameron" Date: Mon, 19 Jul 2010 13:46:28 -0500 Subject: [PATCH] cciss: sanitize max commands cciss: sanitize max commands Some controllers might try to tell us they support 0 commands in performant mode. This is a lie told by buggy firmware. We have to be wary of this lest we try to allocate a negative number of command blocks, which will be treated as unsigned, and get an out of memory condition. Signed-off-by: Stephen M. Cameron Signed-off-by: Jens Axboe --- drivers/block/cciss.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index b3060eced553..6d4c4f227d55 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -4112,13 +4112,25 @@ static int __devinit cciss_find_cfgtables(ctlr_info_t *h) return 0; } +static void __devinit cciss_get_max_perf_mode_cmds(struct ctlr_info *h) +{ + h->max_commands = readl(&(h->cfgtable->MaxPerformantModeCommands)); + if (h->max_commands < 16) { + dev_warn(&h->pdev->dev, "Controller reports " + "max supported commands of %d, an obvious lie. " + "Using 16. Ensure that firmware is up to date.\n", + h->max_commands); + h->max_commands = 16; + } +} + /* Interrogate the hardware for some limits: * max commands, max SG elements without chaining, and with chaining, * SG chain block size, etc. */ static void __devinit cciss_find_board_params(ctlr_info_t *h) { - h->max_commands = readl(&(h->cfgtable->MaxPerformantModeCommands)); + cciss_get_max_perf_mode_cmds(h); h->nr_cmds = h->max_commands - 4; /* Allow room for some ioctls */ h->maxsgentries = readl(&(h->cfgtable->MaxSGElements)); /*